netfilter: nft_log: fix snaplen does not truncate packets

There's a similar problem in xt_NFLOG, and was fixed by commit 7643507fe8b5
("netfilter: xt_NFLOG: nflog-range does not truncate packets"). Only set
copy_len here does not work, so we should enable NF_LOG_F_COPY_LEN also.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index 5f6f088..24a73bb 100644 (file)
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -92,6 +92,7 @@ static int nft_log_init(const struct nft_ctx *ctx,
        case NF_LOG_TYPE_ULOG:
                li->u.ulog.group = ntohs(nla_get_be16(tb[NFTA_LOG_GROUP]));
                if (tb[NFTA_LOG_SNAPLEN] != NULL) {
+                       li->u.ulog.flags |= NF_LOG_F_COPY_LEN;
                        li->u.ulog.copy_len =
                                ntohl(nla_get_be32(tb[NFTA_LOG_SNAPLEN]));
                }
@@ -149,7 +150,7 @@ static int nft_log_dump(struct sk_buff *skb, const struct nft_expr *expr)
                if (nla_put_be16(skb, NFTA_LOG_GROUP, htons(li->u.ulog.group)))
                        goto nla_put_failure;
 
-               if (li->u.ulog.copy_len) {
+               if (li->u.ulog.flags & NF_LOG_F_COPY_LEN) {
                        if (nla_put_be32(skb, NFTA_LOG_SNAPLEN,
                                         htonl(li->u.ulog.copy_len)))
                                goto nla_put_failure;